How can be MyEtherWallet secure with just a key??

howard.ashoul

full member

Activity: 140

Merit: 101

Thanks, I downloaded offline version of website.

canth

legendary

Activity: 1442

Merit: 1001

Quote from: howard.ashoul on August 27, 2017, 11:27:16 PM

I don't understand it. To access you funds at MyEtherWallet all you need is your private key. Let's say "u4jk243khj23423h4ojij23i4j2i3j4o23pj4". That's it.

How can be this secure? Huh

Somebody can write a bot, which will generate random strings (he knows lenght of string). And sooner or later it will match somebody's key. And since he doesn't need any additional password or account name, he will control that wallet.

How is that secure? Huh

1) It's not that secure - you're pasting a key into a website with client side javascript
2) You have the option of running the chrome browser version of the website. Do your diligence, start here: https://www.reddit.com/r/ethereum/comments/44vbef/myetherwallet_chrome_extension_the_beta_has/
3) Use a hardware wallet. You at least are not exposing the private key when performing transactions and can verify the address you are sending to via the ledger/trezor interface which cannot (easily) be fooled into signing a transaction to the wrong address.